Cleartext Transmission of Sensitive Information

| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The server is configured to allow outdated security protocols (SSL v2, SSL v3, or TLS v1), which are known to be insecure. These protocols are vulnerable to various attacks and should be explicitly disabled when creating HTTPS servers.
Impact
Allowing these deprecated protocols can let attackers intercept or modify sensitive data in transit, potentially leading to data breaches, session hijacking, or unauthorized access. This exposes both users and the application to significant security risks.
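The description asks for old protocols to be disabled explicitly when the HTTPS server is created. The following is an added example, not code from the original page or from the tool that produced this finding. It assumes a Node.js server, uses Node's `minVersion` option as one way to set the protocol floor, and the names `auditTlsOptions` and `createGuardedContext` are hypothetical helpers that check an options object before any listener is built from it.

```javascript
// Added example, Node.js assumed; not code from the original page.
const tls = require('node:tls');

// Protocol floors accepted by the `minVersion` option, oldest first.
const ORDER = ['TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'];
// Legacy `secureProtocol` method names that pin SSL v2, SSL v3, TLS 1.0 or 1.1.
const PINNED_OLD = /^(SSLv2|SSLv3|TLSv1|TLSv1_1)(_server|_client)?_method$/;

// Return the reasons an options object would let deprecated protocols through.
function auditTlsOptions(options = {}) {
  const findings = [];
  // An unset floor falls back to Node's process-wide default.
  const floor = options.minVersion ?? tls.DEFAULT_MIN_VERSION;
  // Unknown strings get index -1 and are flagged too (fail closed).
  // TLS 1.1 is flagged along with TLS 1.0: RFC 8996 deprecates both.
  if (ORDER.indexOf(floor) < ORDER.indexOf('TLSv1.2')) {
    findings.push(`minVersion ${floor} allows deprecated protocol versions`);
  }
  if (PINNED_OLD.test(options.secureProtocol ?? '')) {
    findings.push(`secureProtocol ${options.secureProtocol} pins a deprecated protocol`);
  }
  return findings;
}

// Refuse to build a TLS context from options that fail the audit.
function createGuardedContext(options) {
  const findings = auditTlsOptions(options);
  if (findings.length > 0) {
    throw new Error(`insecure TLS options: ${findings.join('; ')}`);
  }
  return tls.createSecureContext(options);
}

// Constructed sample configurations (key and cert omitted for brevity).
const weakOptions = { minVersion: 'TLSv1' };        // floor lowered to TLS 1.0
const hardenedOptions = { minVersion: 'TLSv1.2' };  // explicit modern floor

console.log(auditTlsOptions(weakOptions));
console.log(auditTlsOptions(hardenedOptions));
```

The same options object, with `key` and `cert` added, is what `https.createServer` accepts, so the audit can run at startup before the server binds.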